Fixes #443 for v5

Author: eoftedal

node/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [5.1.2]
+
+### Bugfix
+
+- JSON format should not include results without vulnerabilities unless `--verbose` is specified.
+
 ## [5.1.1]
 
 ### Bugfix

node/lib/retire.js

@@ -4,7 +4,7 @@
  */
 
 var exports = exports || {};
-exports.version = '5.1.1';
+exports.version = '5.1.2';
 
 function isDefined(o) {
   return typeof o !== 'undefined';

node/package-lock.json

@@ -2,7 +2,7 @@
   "author": "Erlend Oftedal <erlend@oftedal.no>",
   "name": "retire",
   "description": "Retire is a tool for detecting use of vulnerable libraries",
-  "version": "5.1.1",
+  "version": "5.1.2",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

node/package.json

@@ -23,6 +23,9 @@ export default {
         };
     logger.warn = logger.error = (message) => finalResults.errors.push(message);
     logger.logVulnerableDependency = (finding) => {
+      if (!config.verbose) {
+        finding.results = finding.results.filter((r) => retire.isVulnerable([r]));
+      }
       finalResults.data.push(finding);
     };
     logger.logDependency = function (finding) {